
3303 matches found

securityvulns
added 2006/02/11 12:0 a.m., 45 views

Lotus Notes multiple vulnerabilities

Multiple buffer overflows and directory traversal when handling different archives: zip, uue, tar and HTML attachments...

3.4 AI score
Exploits 0, References 7, Affected Software 1
Japan Vulnerability Notes
added 2006/01/31 12:0 a.m., 9 views

JVN#89344424 Multiple email clients vulnerable in handling an attachment inappropriately

Impact: Actual impact could differ depending on the email client; email clients may crash when handling an attached file with a particular file name. Other possible impacts could be an attached file not being saved, the client hanging during the saving process, or an error message being displaye...

7 AI score
Exploits 0
Ubuntu
added 2006/01/25 1:26 a.m., 49 views

USN-246-1: imagemagick vulnerabilities

Florian Weimer discovered that the delegate code did not correctly handle file names which embed shell commands (CVE-2005-4601). Daniel Kobras found a format string vulnerability in the SetImageInfo function (CVE-2006-0082). By tricking a user into processing an image file with a specially crafted fi...

7.5 CVSS, 8.4 AI score, 0.11889 EPSS
Exploits 2, References 1
Prion
added 2006/01/21 12:3 a.m., 12 views

Design/Logic Flaw

Pantomime in Ecartis 1.0.0 snapshot 20050909 stores e-mail attachments in a publicly accessible directory, which may allow remote attackers to upload arbitrary files...

6.4 CVSS, 7.3 AI score, 0.00647 EPSS
Exploits 0, References 6, Affected Software 1
Cvelist
added 2006/01/21 12:0 a.m., 12 views

CVE-2006-0332

Pantomime in Ecartis 1.0.0 snapshot 20050909 stores e-mail attachments in a publicly accessible directory, which may allow remote attackers to upload arbitrary files...

6.8 AI score, 0.00647 EPSS
Exploits 0, References 6
NVD
added 2006/01/18 1:7 a.m., 24 views

CVE-2006-0236

GUI display truncation vulnerability in Mozilla Thunderbird 1.0.2, 1.0.6, and 1.0.7 allows user-assisted attackers to execute arbitrary code via an attachment with a filename containing a large number of spaces ending with a dangerous extension that is not displayed by Thunderbird, along with an...

5.1 CVSS, 7.3 AI score, 0.01483 EPSS
Exploits 0, References 8
NVD
added 2006/01/05 11:3 a.m., 9 views

CVE-2006-0091

Cross-site scripting (XSS) vulnerability in webmail in Open-Xchange 0.8.1-6 and earlier, with "Inline HTML" enabled, allows remote attackers to inject arbitrary web script or HTML via e-mail attachments, which are rendered inline...

4.3 CVSS, 5.7 AI score, 0.00346 EPSS
Exploits 0, References 4
Prion
added 2006/01/05 11:3 a.m., 13 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in webmail in Open-Xchange 0.8.1-6 and earlier, with "Inline HTML" enabled, allows remote attackers to inject arbitrary web script or HTML via e-mail attachments, which are rendered inline...

4.3 CVSS, 6.2 AI score, 0.00346 EPSS
Exploits 0, References 4, Affected Software 1
Cvelist
added 2006/01/05 11:0 a.m., 12 views

CVE-2006-0091

Cross-site scripting (XSS) vulnerability in webmail in Open-Xchange 0.8.1-6 and earlier, with "Inline HTML" enabled, allows remote attackers to inject arbitrary web script or HTML via e-mail attachments, which are rendered inline...

5.7 AI score, 0.00346 EPSS
Exploits 0, References 4
NVD
added 2005/12/31 5:0 a.m., 10 views

CVE-2005-1753

ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to sourc...

5 CVSS, 6.7 AI score, 0.00859 EPSS
Exploits 0, References 2
Positive Technologies
added 2005/12/31 12:0 a.m., 3 views

PT-2005-2725 · Oracle · Javamail Api

Name of the Vulnerable Software and Affected Versions: JavaMail API versions 1.1.3 through 1.3 Description: The issue allows remote attackers to view other users' e-mail attachments via a direct request to "/mailboxesdir/username@domainname". This is related to the ReadMessage.jsp file in the...

5 CVSS, 6.8 AI score, 0.00859 EPSS
Exploits 0, References 3
exploitpack
added 2005/12/06 12:0 a.m., 16 views

Horde IMP 2.2.x/3.2.x/4.0.x - Email Attachments HTML Injection

Horde IMP 2.2.x/3.2.x/4.0.x - Email Attachments HTML Injection source: https://www.securityfocus.com/bid/15730/info Horde IMP is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically...

7.6 AI score
Exploits 0
Exploit DB
added 2005/12/06 12:0 a.m., 30 views

Horde IMP 2.2.x/3.2.x/4.0.x - Email Attachments HTML Injection

source: https://www.securityfocus.com/bid/15730/info Horde IMP is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would be...

7.4 AI score
Exploits 0
NVD
added 2005/11/29 9:3 p.m., 16 views

CVE-2005-3895

Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3, when AttachmentDownloadType is set to inline, renders text/html e-mail attachments as HTML in the browser when the queue moderator attempts to download the attachment, which allows remote attackers to execute arbitrary w...

5.8 CVSS, 6.2 AI score, 0.0127 EPSS
Exploits 0, References 14
UbuntuCve
added 2005/11/22 9:3 p.m., 15 views

CVE-2005-3759

Multiple cross-site scripting (XSS) vulnerabilities in Horde before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) gzip/tar and (2) css MIME viewers, which do not filter or escape dangerous HTML when extracting and displaying attachments...

5.8 CVSS, 6 AI score, 0.00714 EPSS
Exploits 0, References 1
Cvelist
added 2005/11/22 9:0 p.m., 15 views

CVE-2005-3759

Multiple cross-site scripting (XSS) vulnerabilities in Horde before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) gzip/tar and (2) css MIME viewers, which do not filter or escape dangerous HTML when extracting and displaying attachments...

5.5 AI score, 0.00714 EPSS
Exploits 0, References 8
NVD
added 2005/11/19 1:3 a.m., 6 views

CVE-2005-3692

Cross-site scripting (XSS) vulnerability in AMAX Magic Winmail Server 4.2 build 0824 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) retid parameter in badlogin.php, (2) Content-Type headers in HTML mails, and (3) HTML mail attachments...

4.3 CVSS, 5.7 AI score, 0.00794 EPSS
Exploits 1, References 8
NVD
added 2005/11/16 7:42 a.m., 13 views

CVE-2005-3573

Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8 character encodings in filenames of e-mail attachments, which allows remote attackers to cause a denial of service (application crash)...

5 CVSS, 6.2 AI score, 0.05745 EPSS
Exploits 0, References 23
OSV
added 2005/11/16 7:42 a.m., 5 views

CVE-2005-3573

Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8 character encodings in filenames of e-mail attachments, which allows remote attackers to cause a denial of service (application crash)...

6.3 AI score
Exploits 0, References 23
UbuntuCve
added 2005/11/16 7:42 a.m., 20 views

CVE-2005-3573

Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8 character encodings in filenames of e-mail attachments, which allows remote attackers to cause a denial of service (application crash)...

5 CVSS, 5.9 AI score, 0.05745 EPSS
Exploits 0, References 2